Security concern due to visible password while calling "PublicReportService"
Organization Name
King County
Description
The OIC interface is calling the OTBI public report service SOAP WSDL "https://serverURL.oraclecloud.com/xmlpserver/services/PublicReportService?wsdl".
OTBI is requiring the password as cleartext in the request payload, and there is not going to be a secure solution for this use case. The username/password should not be part of the payload; rather, it should be part of the header (Basic Authentication).
Regards
Priya
Use Case and Business Need
This is a major security concern as prod password is visible and can be misused.
Original Idea Number: 185b66b90f
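
While the credentials have to travel in the request body, the caller can at least keep them out of its own logs and traces by masking the password element before a request is recorded. The sketch below is an added example, not part of the original post and not Oracle or OIC code; the element names (`userID`, `password`), the namespace URI, the report path and the credentials in the sample are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Element local names treated as secrets. "password" is the field the post
# describes; adjust the set to the WSDL actually in use (assumption).
SENSITIVE = {"password"}
MASK = "***REDACTED***"

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def redact_soap(payload: str) -> str:
    """Return a copy of the SOAP payload that is safe to write to a log."""
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        # Fail closed: never log a payload that could not be inspected.
        return "<unparseable payload withheld from log>"
    for elem in root.iter():
        if local_name(elem.tag).lower() in SENSITIVE and elem.text:
            elem.text = MASK
    # ElementTree rewrites namespace prefixes (ns0, ns1, ...) on output.
    return ET.tostring(root, encoding="unicode")

# Constructed sample request; names and values are illustrative only.
SAMPLE = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:pub="urn:example:publicreportservice">
  <soapenv:Body>
    <pub:runReport>
      <pub:reportRequest>
        <pub:reportAbsolutePath>/Custom/Sample.xdo</pub:reportAbsolutePath>
      </pub:reportRequest>
      <pub:userID>integration.user</pub:userID>
      <pub:password>Constructed-Secret-1</pub:password>
    </pub:runReport>
  </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(redact_soap(SAMPLE))
```

Matching on the local name rather than on a fixed prefix such as `pub:` keeps the mask working when the client library chooses a different namespace prefix.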
Comments
-
Agree with this..
0 -
It's a major security issue that needs to be addressed sooner.
0 -
Thank you for your support
0 -
Thank you for your support
0 -
I guess this has to be addressed in the next release or so.
0 -
Hi there,
Thank you for your idea. I am relocating it to our Transactional Reporting (OTBI) Idea Lab for proper review: https://cloudcustomerconnect.oracle.com/resources/b2df648d2a/summary
Best,
Brendan J. Doyle
0 -
Brendan - The real solution to this is for the OTBI team to support JWT authentication so direct logins aren't necessary. Has that been raised as an idea? Should we? In this forum?
Regards,
Jeff Hare, CPA CIA CISA
1 -
Is there any update on this? How can Oracle leave SOAP authentication as basic authentication only? I don't understand how this could not have been addressed. It is a major security flaw that can be exploited easily. If hackers have the URL of ANY client's cloud application, through a simple password generator, they will likely be able to run a BI report and get sensitive data.
0